[c-nsp] Slammer (1434) attack

Tim Stevenson tstevens at cisco.com
Wed Dec 22 13:39:03 EST 2004


Please let us know what supervisor engine & s/w version you are using on 
the 6500s. That will greatly impact the recommendations.

For example, ACL w/log is harmless on some sups - with the right 
configuration -and disastrous on others.

Tim

At 09:00 AM 12/22/2004, cisco-nsp-request at puck.nether.net exclaimed:
>Message: 6
>Date: Wed, 22 Dec 2004 11:48:34 -0500
>From: Rodney Dunn <rodunn at cisco.com>
>Subject: Re: [c-nsp] Slammer (1434) attack
>To: Gert Doering <gert at greenie.muc.de>
>Cc: cisco-nsp <cisco-nsp at puck.nether.net>
>Message-ID: <20041222114834.C4647 at rtp-cse-489.cisco.com>
>Content-Type: text/plain; charset=us-ascii
>
>I haven't done it on the 65xx but I know for software
>the DST interface for an ACL drop is Null0 as Gert said.
>I would think the 65xx works the same way.
>
>I don't suggest people do the "log" route.
>Export the traffic and see if it shows up as
>Null0.
>
>That's the most scalable way to do it.



Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.


More information about the cisco-nsp mailing list